The ancient Greek historian Plutarch famously said that when Alexander the Great “saw the breadth of his domain, he wept for there were no more worlds to conquer.” This is a fitting statement from a military commander who never lost a battle. Similar dominance is sought after today in every field: politics, entertainment, sports and certainly IT. Our CertMag.com forums recently saw a poster who finds no more cert worlds to conquer and weeps at what he perceives as a lack of breadth in his domain.
“Even with having an MBA with a focus in information security, I am unable to find a higher position than where I am at,” said CertMag forum poster Cymric. “Despite the fact that I have my A+, Network+, I-Net+, Security+, CIW, MCP, MCSA, MCSE, MCSA: Security and MCSE: Security, my current employer is unwilling to advance me or give me the experience I crave. Thus I am seeking employment elsewhere. Where can one go or what can one do in order to receive experience? My employer’s usual response is ‘What are you going to do with that?’ Our Security Group is something to admire as well … NOT!
“I didn’t even ask my employer for reimbursement so it didn’t cost them anything for me to go!” Cymric exclaimed. “Prior to my graduating with my master’s degree I would schedule a meeting with the CIO and the security supervisor to see how I could best use my new skills and benefit the organization. I had done this twice now and that was two years ago. I really never received a good answer from either of them. I am still in the same position!”
“Cymric, what experience do you have?” asked CertMag poster Wagnerk. “As you already have gained your MCSE, can I assume that you’re doing level 3 support? I agree with your choice of looking for better prospects elsewhere. If you’re unhappy with your current work situation, then a change of employment into a field that you want to enter may be a better option for you.”
“I am doing desktop support (level 3),” Cymric replied. “As to looking elsewhere, I am, but again, I have no upper level technical experience even though I have had some management experience. One recruiter confided in me that this area (where I live) is a ‘technology dead-zone.’ I am not sure how true that is but I know of other technicians who are looking as well. I may have an interview soon for a computer operations manager position. I think that my certifications and MBA will be a factor in me being called. Besides looking elsewhere, where or how can I get additional experience when my employer is unwilling? Considering the number of certifications that I have, as well as an MBA in information security, I was wondering what my next step would be.”
“Leave,” CertMag poster Iamregin said. “Your employer obviously knows you’re worth something, or they should, at least. If they don’t they’re are ignorant and you should leave. Maybe they are scared of your abilities and don’t want to promote you because you might take their jobs later. I’d say start looking. Find a job, and go to your boss, tell him you have another offer. You like your company and you want to stay, but they aren’t giving you want you want. They will either counteroffer or let you go, in which case you’ll be better off either way.”
IT professionals encompass a wide range of competencies; some like Cyrmic above have too many certs while others are still trying to determine how to proceed with their education.
“I see a lot of colleges out there now that offer a bachelor’s and master’s degree in information assurance,” forum poster Lyngx said. “Is this a new emerging field or just another name for information security? From what I understand, it relates closely with national security, and the colleges who have these programs are designated Centers of Academic Excellence by the NSA. Is this more of a management type field or a hands on-type field? What type of work does this field involve? I’ve been looking for more information on this but I usually only get as far as government Web sites. Any thoughts?”
WayneAnderson answered back: “In the U.S., the term information assurance is a government coined term that refers to the oversight or implementation of information integrity. This does include many aspects of information security but can also mean senior positions that have oversight duties for the integrity of more general IT programs.”
“Information assurance is a broader term than IT security,” ChuckH added. “It is the terminology used for the activities surrounding the practice of confidentiality integrity and availability of data (CIA). Since it is broader than just electronic media it falls in with information assurance (IA). IT security is the practice of IA within electronic mediums or modalities. Yes it is an up and coming field that was meant to be here all along only no one but the staff attorney, HR and the net administrators did it. It is now becoming where a chief security officer (CSO) has a purpose greater than the networks — he or she encompasses all forms of data. With greater responsibility comes more specialization with training and thus more money for the CSO hopefuls. In the general IT world, it’s just a large piece of the pie mostly due to the massive amounts of electronically retained data versus hard copy.”
What’s in It for Them?
Traditionally, a cert is obtained by individuals studying the material themselves or taking a class with the goal of eventually landing a job. Increasingly though, companies are wooing IT professionals by offering them time and resources to update their existing certification or acquire a new one. This trend sparked one CertMag forum poster to ask why.
“From an employer’s point of view — why would I want to pay for existing employees to get certified and to maintain their certification?” MichaelB asked. “I need to build a business case and I’m looking for reference material. Everything I found so far is related to the value from an individual’s point of view or from an employer recruiting for a person. But if I have security people already, why would I want to spend the money to have them find other jobs? Can you help?”
Wagnerk replied: “You’re not, as an employer, helping your staff look for other jobs. You’re investing in and valuing your staff by training them up. By having qualified staff, you can increase productivity and give your company a bigger edge on the competition. Put yourself in your customers’ shoes: Would you rather hand over thousands of dollars or euros to a company that had unqualified staff or would you rather hand over your money to a company that had qualified staff? Anyway, Microsoft has already done a study on the benefits of hiring an MS Certified Professional.”
ChuckH added: “OK, I don’t normally join in on the postings, but I had to join just to have the opportunity to address the issue of certified versus non-certified. There are two valid reasons a company should seek current certified persons and upgrade their current employees. First of all, anyone can go to school and anyone can get on-the-job training. But would you allow your lawyer, doctor or architect do a single job for you if there wasn’t some form of third party validation — bar exam, medical exams, etc.? You might think this is extreme, but consider this: Let’s say there is a break-in to your network and client or employee data is stolen. Now you are in court with the lawsuits and the prosecutor asks you, ‘Did your network engineer sufficiently secure your network? How do you know he was completely qualified to ensure all measures were taken?’ Third party validation and certifications give you the answer to these expensive questions. As we move further into technology, questions that are common in the human resources management arenas will become common in our IT world.”
Agree? Disagree? Have something else to share? Your comments and thoughts are always -appreciated on our forums. P